Log file analysis with the Nagios check_logfiles plugin

LOG TRAVELER

The Nagios check_logfiles plugin helps you monitor your logfiles – even if the logs rotate and change names.

The Nagios monitoring tool is a general framework for watching things. Nagios lets you keep an eye on computers, processes, devices, and network services. Another thing Nagios can watch is logfiles. The Nagios plugin collection comes with a number of options for monitoring logs. The check_log and check_log2 plugins, for example, are popular with many admins; however, these plugins sometimes have problems in situations in which an application or script is rotating the logs. The tools tend to slip up occasionally and miss a couple of lines, which is something you can’t allow if you need 100% coverage. To close the gaps, the check_logfiles plugin was developed to check every single entry – even if a log moves, changes its name, or disappears into a compressed archive during the monitoring period.
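The gap described above, where lines written around a rotation are missed, can be reproduced and closed in a few lines. This is an added example, not code from check_logfiles or from the article: it assumes rename-style rotation to an uncompressed `<log>.*` file and uses hypothetical state keys `inode` and `offset`; compressed archives are not handled.

```python
import glob
import os
import tempfile

def _read_from(path, offset):
    """Return (complete lines after offset, new offset); a partial last line waits."""
    with open(path, "rb") as f:
        f.seek(offset)
        data = f.read()
    end = data.rfind(b"\n") + 1
    return data[:end].decode(errors="replace").splitlines(), offset + end

def read_new_lines(log_path, state):
    """Lines added since the last call, across a rename-style rotation.

    state keeps 'inode' and 'offset' between runs (hypothetical names).
    """
    lines = []
    cur = os.stat(log_path) if os.path.exists(log_path) else None
    old_inode, offset = state.get("inode"), state.get("offset", 0)
    if old_inode is not None and (cur is None or cur.st_ino != old_inode):
        # Log was rotated: drain the renamed predecessor, found by inode.
        for cand in glob.glob(log_path + ".*"):
            if os.stat(cand).st_ino == old_inode:
                lines += _read_from(cand, offset)[0]
                break
        offset = 0
    elif cur is not None and cur.st_size < offset:
        offset = 0  # truncated in place: start again from the top
    if cur is not None:
        new, offset = _read_from(log_path, offset)
        lines += new
    state.update(inode=cur.st_ino if cur else None, offset=offset)
    return lines

def demo():
    """Constructed scenario: one line lands just before a rotation, one just after."""
    with tempfile.TemporaryDirectory() as d:
        log, state = os.path.join(d, "app.log"), {}
        with open(log, "w") as f:
            f.write("boot ok\n")
        first = read_new_lines(log, state)
        stale_offset = state["offset"]
        with open(log, "a") as f:
            f.write("ERROR disk failing\n")   # written before the rotation
        os.rename(log, log + ".1")            # rotation renames the file
        with open(log, "w") as f:
            f.write("ERROR raid degraded\n")  # first line of the new file
        naive = _read_from(log, stale_offset)[0]  # name + offset only
        return first, read_new_lines(log, state), naive
```

In `demo()`, the name-and-offset reader seeks into the middle of the new file and never sees either error line, while the inode-aware reader returns both.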
